Effective Password Cracking Using GPU

Table of Contents

  1. 2015 Winlab Summer Internship
    1. Projects
    1. Indoor Localization
    2. Introduction
      1. Motivation
      2. What is ORBIT Lab?
      3. Overall Approach
      4. Resources
      5. Procedure
      6. Plan of Action
      7. Weekly Presentations
      8. Team
    1. SDR in ORBIT: Spectrum Sensing
      1. Introduction
      2. Team
      3. Objectives
      4. Weekly Progress
      5. Experiments
    1. LTE Unlicensed (LTE-U)
      1. Introduction
      2. Objectives
      3. Theory
      4. Analyzing Tools
      5. Experiment 1: Transmit and Receive LTE Signal
      6. Experiment 2: The Waterfall Plot
      7. Experiment 3: eNB and UE GUI
      8. Experiment 4: Varying Bandwidths
      9. Experiment 5: Working with TDD or FDD
      10. Experiment 6: TDD with Varying Bandwidths
      11. Experiment 7: TDD Waterfall Plot
      12. Poster
      13. Members
      14. Materials
      15. Resources
    1. Distributed Simulation of Power Grid
      1. Introduction
      2. Objectives
      3. People
      4. Resources
    1. Context-Aware IoT Application on MobilityFirst
      1. Introduction
      2. Objectives
      3. System Architecture
      4. Network Diagram
      5. Experiment Tools
      6. Results
      7. Future Work
      8. Team member
    1. Real-Time Cyber Physical Systems Application on MobilityFirst
      1. Github Repo
      2. Introduction
      3. Preliminary Goal
      4. Outline of the Project
      5. Tasks
      6. Image Processing
      7. Weekly Summary
      8. Team
      9. Presentation Slides
    1. GNRS Assited Inter Domain Routing
      1. Introduction
    1. GNRS Management
      1. Introduction
      2. Work Milestones
    1. Effective Password Cracking Using GPU
      1. Introduction
      2. Objectives
      3. GPU
      4. Experiment
      5. Tools and Resources
  2. Body Sensor Networks
    1. Introduction
    2. Project Overview
    3. Data Collection
      1. Initial BCI data
    4. Data Analysis
    5. Tools/ Resources
    1. Unity Traffic Simulation
      1. Introduction
      2. Objectives
      3. People
    1. Mobile Security
      1. Introduction
      2. Motivation
    2. Resources
  3. Dynamic Video Encoding
    1. Introduction
    2. Goals
    3. Background Information
      1. Anatomy of a Video File
      2. What is a CODEC?
      3. H.264 Compression Algorithm
      4. Scalable Video Coding
      5. Network Emulator Test Results
      6. DASH Multi-Bitrate Encoding
      7. DASH Content Generation
      8. Bitrate Profiles
      9. Video Encoding Algorithms
      10. GPAC
    4. Presentations
    5. People


In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system. There are two types of attack: one is Brute-force attack and the other is Dictionary attack. A common approach (brute-force attack) is to try guesses repeatedly for the password and check them against an available cryptographic hash of the password. A dictionary attack is defeating a cipher by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities. It generates the hash from the dictionary entry and then compares them with the passwords.

A GPU has hundres of cores that can be used to compute mathematical functions in parallel. A CPU usually has 2-8 cores. Although a CPU core is much faster than a GPU core, password hashing is one of the functions that can be done in parallel very easily. This is what gives GPUs a massive edge in cracking passwords. A GPU is excellent at processing mathematical calculations. Hashing algorithms are simply a series of complex mathematical calculations. So it is better to GPU to crack the passwords.


We are trying to use GPU to crack the passwords rather than CPU. We want to install John the Ripper and Hashcat(both are password crackers) in CUDA machine and use the GPUs in that machine to crack the passwords.


The graph shows the comparison between GPU and CPU

  • Due to its design, the GPU is specialized for intensive, highly parallel computation
  • A typical GPU consists of the same elements as a normal CPU

The graph shows what we used for experiments

  • GPU: 1 Kepler GK 110B
  • Memory Size: 12 GB
  • Cores: 2880


Initial trial were conducted using the CPU to see what kinds of passwords was the easiest to crack

  • The password files consisted of random numbers, random letters, and a mix of random numbers and letters
  • Used Brute Force Attack

  • From the trial, the passwords of combination of numbers and letters are the most difficult type to crack
  • The passwords only contain numbers are the most easiest type to crack

Trial was conducted using both the CPU and GPU to prove that the GPU was much faster

  • Password files just contain numbers
  • Password length varied from 5 to 7 and use Brute Force Attack

  • The password length can dramatically influence cracking time
  • GPU can increase the password cracking time significantly

The next step was to see how many passwords can be cracked with an upper limit of 1015 guesses

  • Used a leaked password list which contains 1,571,804 number of passwords
  • Used John the Ripper, hashcat, PCGF and Markov model

Final experiment graph

  • From the current trials, John the Ripper was able to crack the largest percentage of passwords
  • The problem with John the Ripper is that it was a very long time to crack passwords, it was not able to reach 1015 guesses even though the trial ran 17 days
  • Hashcat was a much shorter trial of only 5 days and it approached 1015 guesses
  • PCFG was able to crack about 25% of the passwords with only 109 guesses which is more than both John the Ripper and Hashcat, but John the Ripper and Hascat kept increasing while PCFG was stagnant
  • Markov model is the most inefficient one for password cracking

Tools and Resources

Last modified 22 months ago Last modified on 08/18/15 11:23:21

Attachments (5)

Download all attachments as: .zip